Threat actors target WordPress sites using vulnerable File Manager install
Experts reported threat actors are increasingly targeting a recently addressed vulnerability in the WordPress plugin File Manager. Researchers from WordPress...
hacking
Some-Tools – Install And Keep Up To Date Some Pentesting Tools
Some-ToolsWhyI was looking for a way to manage and keep up to date some tools that are not include in...
MZAP – Multiple Target ZAP Scanning
Multiple target ZAP Scanning / mzap is a tool for scanning N*N in ZAP.ConceptInstallationgo-get$ go get -u github.com/hahwul/mzapsnapcraft$ sudo snap...
Monsoon – Fast HTTP Enumerator
A fast HTTP enumerator that allows you to execute a large number of HTTP requests, filter the responses and display...
Avcleaner – C/C++ Source Obfuscator For Antivirus Bypass
C/C++ source obfuscator for antivirus bypass.Builddocker build . -t avcleanerdocker run -v ~/dev/scrt/avcleaner:/home/toto -it avcleaner bash #adapt ~/dev/scrt/avcleaner to the...
Chinese, Iranian, and Russian APT groups target 2020 US election
Microsoft reveals that state-sponsored hackers had tried to breach email accounts belonging to people involved in the US election. Microsoft...
Palo Alto Networks fixes severe Code Execution and DoS flaws in PAN-OS
Palo Alto Networks addressed critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software. Palo...
Colocation data centers giant Equinix data hit by Netwalker Ransomware
Equinix, one of the world’s largest providers of colocation data centers and Internet connection announced it was hit by Netwalker...
CDRThief Linux malware steals VoIP metadata from Linux softswitches
ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call...
BLURtooth flaw allows attacking Bluetooth encryption process
Bluetooth 4.0 through 5.0 versions are affected by the vulnerability dubbed BLURtooth which allows hackers to defeat Bluetooth encryption. A...
Hackers stole $5.4 million from cryptocurrency exchange ETERBASE
Slovak cryptocurrency exchange ETERBASE disclosed a security breach, hackers stole cryptocurrency funds worth $5.4 million. Slovak cryptocurrency exchange ETERBASE disclosed...
Spyre – Simple YARA-based IOC Scanner
...a simple, self-contained modular host-based IOC scannerSpyre is a simple host-based IOC scanner built around the YARA pattern matching engine...
Safety – Check Your Installed Dependencies For Known Security Vulnerabilities
Safety checks your installed dependencies for known security vulnerabilities.By default it uses the open Python vulnerability database Safety DB, but...
How to Track and Remediate Default Account Vulnerabilities in InsightVM
In this blog post, we are going to talk about a couple of older, lesser-known features that can still provide...
Anchore Engine – A Service That Analyzes Docker Images And Applies User-Defined Acceptance Policies To Allow Automated Container Image Validation And Certification
For the most up-to-date information on Anchore Engine, Anchore CLI, and other Anchore software, please refer to the Anchore DocumentationThe...
Rakkess – Kubectl Plugin To Show An Access Matrix For K8S Server Resources
Review Access - kubectl plugin to show an access matrix for server resourcesIntroHave you ever wondered what access rights you...
This One Time on a Pen Test: I’m Calling My Lawyer!
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Patch Tuesday – September 2020
129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday (2020-Sep Patch Tuesday)Despite maintaining the continued high volume of vulnerabilities disclosed...
Empire: Malleable C2 Profiles
Empire 3.4.0 is our next major release and is packed with one of the most advanced features to-date, Malleable C2....
Browsertunnel – Surreptitiously Exfiltrate Data From The Browser Over DNS
Browsertunnel is a tool for exfiltrating data from the browser using the DNS protocol. It achieves this by abusing dns-prefetch,...
Bpytop – Linux/OSX/FreeBSD Resource Monitor
Resource monitor that shows usage and stats for processor, memory, disks, network and processes.Python port of bashtop.FeaturesEasy to use, with...
PurpleCloud – An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud
Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the...
OpenRedireX – Asynchronous Open redirect Fuzzer for Humans
A Fuzzer For OpenRedirect Issues.Key Features :Takes a url or list of urls and fuzzes them for Open redirect issuesYou...
Epic Manchego gang uses Excel docs that avoid detection
A recently discovered cybercrime gang, tracked as Epic Manchego, is using a new technique to create weaponized Excel files that...
